Markus Hess, a computer hacker and possibly a Soviet spy in Germany, broke into the computer systems at Lawrence Berkeley Laboratory and many other computers on the Internet with stolen user accounts and passwords in 1988. This incident, which was the subject of an episode of the television program Nova in October 1990, and many similar attacks against computers worldwide, underscore the growing importance of security as an issue in data processing.

Buck addresses the subject of data security concisely and from a practitioner’s point of view in 12 brief chapters. Basic security terms are defined in one chapter and a rationale is established for a comprehensive data security program in business organizations. Four chapters explain a stepwise approach to conducting security risk analysis in data processing environments, and computer security countermeasures against various threats are discussed in three areas: physical security, administrative security, and personnel and computer subsystems security. Buck divides computer security countermeasures into five categories: system software, databases, applications software, hardware, and communications and terminals. A separate chapter on personal computer security provides an overview of the security issues in the PC environment.

I found the chapter on viruses interesting and informative. It contains an excellent list of 112 viruses, their characteristics, and the “disinfector” programs available for them. A case study contained in the appendix demonstrates the applicability of the risk analysis and countermeasures framework for computer security discussed in the book.

Business professionals, especially accountants, will find the book useful in designing a practical program of general data security for small and medium-sized companies. Unfortunately, this book provides only a cursory view of this extremely complex subject, ignoring the larger social, organizational, technological, and legal aspects of computer security threats and countermeasures.